Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, impersonating LinkedIn, in an attempt to trick its users into clicking on the malicious links found in the bogus “Invitation Notification” themed emails. Once they click on the links, users are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

Sample screenshot of the spamvertised email:

Sample spamvertised URLs used in the campaign:

Responding to the same IP are also the following malicious domains, part of the campaign’s infrastructure:

As well as the following Mutexes:

Once executed, the sample also attempts to establish multiple UDP connections with the following IPs: